Ignore:
Timestamp:
Mar 28, 2011, 9:38:52 PM (9 years ago)
Author:
duerst@…
Message:

removed details of spoofing/normalization

File:
1 edited

Legend:

Unmodified
Added
Removed
  • draft-ietf-iri-3987bis/draft-ietf-iri-3987bis.xml

    r48 r49  
    22852285Most spoofing possibilities for IRIs are extensions of those for URIs.</t>
    22862286
    2287 <t>Spoofing can occur for various reasons. First, a user's normalization expectations or actual normalization
    2288 when entering an IRI or  transcoding an IRI from a legacy character
    2289 encoding do not match the normalization used on the
    2290 server side. Conceptually, this is no different from the problems
    2291 surrounding the use of case-insensitive web servers. For example,
    2292 a popular web page with a mixed-case name ("http://big.example.com/PopularPage.html")
    2293 might be "spoofed" by someone who is able to create "http://big.example.com/popularpage.html".
    2294 However, the use of unnormalized character sequences, and of additional
    2295 mappings for user convenience, may increase the chance for spoofing.
    2296 Protocols and servers that allow the creation of resources with
     2287<t>Protocols and servers that allow the creation of resources with
    22972288names that are not normalized are particularly vulnerable to such
    22982289attacks. This is an inherent
Note: See TracChangeset for help on using the changeset viewer.